1. Field of the Invention
The present invention relates to a cryptographic communication system, and in particular to a cryptographic communication system for sending/receiving an encrypted message without the transmission of a plaintext message via a communication channel being required.
More specifically, the present invention pertains to a system wherein, while the presence of a nonencrypted message in a decryption server is precluded, the server decrypts an encrypted message and sends the decrypted message to an authorized receiver.
2. Description of the Related Art
A currently popular public key encryption system (a cryptographic communication system employing two types of keys, a public key and a secret/private key, for encryption and decryption) substantially inhibits the calculating of a decryption key, even though an encryption key can be read, based on the computational complexity of a unique factorization.
The public key cryptography system will now be briefly described. A key used when a third party sends information to a user himself is opened (i.e., made available) to the public. This key is called a public key, and is opened to the public by an official organization, etc., so that it is accessible to anyone. A decryption key for decrypting information that is encrypted using a public key and is assigned to a user is called a secret key or private key. A secret key is one that is known only by its owner. With this configuration, a user can prevent a leakage, to a third party, of information received across a network.
The RSA algorithm, which is one of the public-key cryptography, will now be explained. First, prime numbers a and b having an adequate number of digits are selected, and a product for them is calculated to create N, which is one of a pair of public keys:
N=a*b
The least common multiple LCM G of axe2x88x921 and bxe2x88x921 is calculated:
G=LCM(axe2x88x921, bxe2x88x921)
Next, another public key P, which is relatively prime with G, is selected (GCD: Greatest Common Divisor):
GCD(G,P)=1
It is known that there are r and S that satisfy the following equation, and S is defined as a secret key:
G*r+P*S=1
In this manner, the public keys (P, N) and the secret key S are created. (The values P and N may be regarded as constituting either a public key pair (i.e., plural keys) or, as is common in the art, as a single public key with components P and N. The distinction is purely one of terminology.)
Following this, encryption will now be described. When an encryption function involving public keys (P, N) is defined as EP( ), it is represented as follows:
EP(M)=MP mod N,
wherein M is plaintext, whose length is less than N.
Referring to FIG. 1, when a sender SND sends a message M to a receiver RCV, first, the message M is raised to the Pth power and a remainder obtained by dividing the result by N is sent.
Finally, decryption using a secret key will be explained. When a secret key S is acquired, decryption function D( ) is defined as follows:                               D          ⁡                      (            C            )                          =                  xe2x80x83                ⁢                              E            S                    ⁡                      (            C            )                                                  =                  xe2x80x83                ⁢                              C            S                    ⁢                      xe2x80x83                    ⁢          mod          ⁢                      xe2x80x83                    ⁢          N                                        =                  xe2x80x83                ⁢                                            (                                                M                  P                                ⁢                                  xe2x80x83                                ⁢                mod                ⁢                                  xe2x80x83                                ⁢                N                            )                        S                    ⁢          mod          ⁢                      xe2x80x83                    ⁢          N                                        =                  xe2x80x83                ⁢                              M            PS                    ⁢                      xe2x80x83                    ⁢          mod          ⁢                      xe2x80x83                    ⁢          N                                        =                  xe2x80x83                ⁢                  M          ⁢                      xe2x80x83                    ⁢          mod          ⁢                      xe2x80x83                    ⁢          N                                        =                  xe2x80x83                ⁢        M            
wherein encrypted text C is assumed to be C=EP(M).
Referring to FIG. 1, for decryption of an encrypted message sent by a sender 1 to a receiver 2, first, the received message is raised to the Sth power, and a remainder obtained by dividing the result by N is employed as a message M.
A detailed mathematical proof showing why an encrypted message is recovered to the message M by performing the above calculation is not related to the essence of the present invention, and no explanation for it will be given. The public encryption system provides very safe cryptographic communication between the sender 1 and the receiver 2.
However, in reality, it is complicated for the receiver 2 to himself create a pair of public keys (P, N) and a secret key S, and to open the former keys to the public and manage the latter.
Actually, one example of the above described environment is a case where a nationwide lottery is to be conducted on a network.
In addition to the other problems, when a lottery grouping related to the exchanges of money or tenders is conducted on a network, fairness must be taken into consideration. If decryption is performed only by a receiver, it could easily be imagined that to senders the trustworthiness of a receiver""s system, the trustworthiness of a decryption method and the level of knowledge concerning encryption possessed by a user on the decryption side would be suspect.
If a sender mistakenly sends an encrypted message to a receiver, the receiver could illegally read the encrypted message and acquire knowledge of the contents.
It is therefore one object of the present invention to provide a cryptographic communication system having a high level of information security even when for a specific recipient there is a plurality of senders.
It is another object of the present invention to provide a fair and secure lottery system.
It is an additional object of the present invention to provide a fair and secure public tender system.
It is a further object of the present invention to provide an encrypted message delivery method whereby a receiver can be verified to be an authorized receiver.
It is still another object of the present invention to provide an information exchange method whereby neither a sender nor a receiver have to manage a secret key.
It is a still further object of the present invention to provide an encryption transmission protocol for a sender, a receiver and a server.
It is a yet another object of the present invention to provide a method for decrypting message while having no knowledge of the contents of a plaintext message.
To achieve the above objects, according to the present invention, in addition to a transmitter used by a sender and a receiver used by a recipient, a server is employed that performs only the decryption of a message and that possesses a secret key. Further, while the presence of a nonencrypted messages in the server is precluded (i.e., the server is prevented from obtaining knowledge of the contents of a plaintext message), the server is responsible for the decryption of an encrypted message and the transmission of the decrypted message to an authorized receiver.
This system provides a protocol applicable to a three person group: a transmitter, a receiver and a server. Specifically:
1. The server creates a paired secret key and public key using a public key system, and opens the latter keys to the public.
2. The transmitter encrypts information (a message) using the public key and sends the encrypted information to the receiver.
3. The receiver adds a secret random number to the encrypted information to provide additional encryption for the information, and sends the resultant information to the server.
4. The server decrypts the received information using its secret key, and returns the decrypted information to the receiver.
5. The receiver multiplies the information by the inverse element of the secret random number to recover the original information, and reads it.
Using this protocol, a secure and fair encrypted message delivery system, lottery system and public tender system can be provided. In addition, according to this protocol, no plaintext messages are not sent on the line that connects between the transmitter, the receiver and the server. The management of secret material is no longer required of the sender and the receiver. Further, no plaintext message is recovered during the processing performed by the server when decrypting a message. Therefore, the server can provide a decryption service while having no knowledge of the contents of an encrypted message.